Incremental Proof Development in Dafny with Module-Based Induction

TL;DR

This paper introduces a module-based induction approach in Dafny to enhance proof stability and maintainability for inductive data structures, addressing automation unpredictability.

Contribution

It presents a novel method using Dafny modules to encode induction principles, improving proof stability and debugging in automated theorem proving.

Findings

Enhanced proof stability with module-based induction

Reduced verification time fluctuations

Improved debugging and maintainability

Abstract

Highly automated theorem provers like Dafny allow users to prove simple properties with little effort, making it easy to quickly sketch proofs. The drawback is that such provers leave users with little control about the proof search, meaning that the small changes inherent to the iterative process of writing a proof often lead to unpredictable variations in verification time, and eventually hard-to-diagnose proof failures. This sometimes turns the boon of high automation into a curse, as instead of breaking early and showing unsolved goals to the user like in Coq, proofs tend to gradually become unstable until their verification time explodes. At this point, the absence of a proof context to investigate often leaves the user to a painful debugging session. In this paper, we show how to use Dafny modules to encode Coq-like induction principles to dramatically improve the stability and maintainability of proofs about inductive data structures.